| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3657 | My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action | premio | My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) | High | 7.5 | 2026-03-12 02:22:36 | Deep Dive |
| CVE-2025-14465 | Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update | praveentamil | Sticky Action Buttons | Medium | 4.3 | 2026-01-07 09:21:00 | Deep Dive |
| CVE-2025-14428 | My Sticky Elements <= 2.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead Deletion | premio | All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements | Medium | 4.3 | 2026-01-01 16:19:31 | Deep Dive |
| CVE-2025-62087 | WordPress Sticky Notes for WP Dashboard plugin <= 1.2.4 - Broken Access Control vulnerability | Web Builder 143 | Sticky Notes for WP Dashboard | Medium | 4.3 | 2025-12-31 16:08:59 | Deep Dive |
| CVE-2025-68995 | WordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerability | Premio | My Sticky Elements | Medium | 4.3 | 2025-12-30 10:47:51 | Deep Dive |
| CVE-2025-58251 | WordPress Sticky Header Effects for Elementor Plugin <= 2.1.2 - Broken Access Control Vulnerability | POSIMYTH | Sticky Header Effects for Elementor | Medium | 4.3 | 2025-09-22 18:23:29 | Deep Dive |
| CVE-2023-3666 | Sticky Side Buttons < 2.0.0 - Admin+ Stored XSS | Unknown | Sticky Side Buttons | - | - | 2025-09-03 06:00:04 | Deep Dive |
| CVE-2025-48168 | WordPress Apollo - Sticky Full Width HTML5 Audio Player <= 3.4 - Cross Site Scripting (XSS) Vulnerability | LambertGroup | Apollo - Sticky Full Width HTML5 Audio Player | High | 7.1 | 2025-08-20 08:03:27 | Deep Dive |
| CVE-2025-50019 | WordPress Simple Sticky Footer plugin <= 1.3.5 - Cross Site Scripting (XSS) Vulnerability | Sandor Kovacs | Simple Sticky Footer | Medium | 5.9 | 2025-06-20 15:03:59 | Deep Dive |
| CVE-2025-6055 | Zen Sticky Social <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting | bogdanding | Zen Sticky Social | Medium | 6.1 | 2025-06-14 08:23:24 | Deep Dive |
| CVE-2025-31426 | WordPress Sticky Radio Player plugin <= 3.4 - Reflected Cross Site Scripting (XSS) vulnerability | LambertGroup | Sticky Radio Player | High | 7.1 | 2025-06-09 15:56:38 | Deep Dive |
| CVE-2025-47529 | WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability | UX Design Experts | Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin | Medium | 6.5 | 2025-05-23 12:43:33 | Deep Dive |
| CVE-2025-39356 | WordPress Foodbakery Sticky Cart plugin <= 3.2 - PHP Object Injection vulnerability | Chimpstudio | Foodbakery Sticky Cart | Critical | 9.8 | 2025-05-19 19:45:19 | Deep Dive |
| CVE-2025-31926 | WordPress Sticky Radio Player plugin <= 3.4 - SQL Injection Vulnerability | LambertGroup | Sticky Radio Player | High | 8.5 | 2025-05-16 15:45:35 | Deep Dive |
| CVE-2025-32290 | WordPress Sticky HTML5 Music Player plugin <= 3.1.6 - SQL Injection Vulnerability | LambertGroup | Sticky HTML5 Music Player | High | 8.5 | 2025-05-16 15:45:32 | Deep Dive |
| CVE-2024-2643 | My Sticky Bar < 2.6.8 - Admin+ Stored XSS | Unknown | Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme | - | - | 2025-05-15 20:09:44 | Deep Dive |
| CVE-2025-39421 | WordPress WP Sticky Side Buttons plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability | Mustafa KUCUK | WP Sticky Side Buttons | High | 7.1 | 2025-04-17 15:17:08 | Deep Dive |
| CVE-2025-31854 | WordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.9 - Broken Access Control vulnerability | Sharaz Shahid | Simple Sticky Add To Cart For WooCommerce | Medium | 4.3 | 2025-04-01 14:52:02 | Deep Dive |
| CVE-2025-31610 | WordPress Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | gingerplugins | Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme | Medium | 5.9 | 2025-03-31 12:55:39 | Deep Dive |
| CVE-2025-26881 | WordPress Sticky Content plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | bPlugins | Sticky Content | Medium | 6.5 | 2025-02-25 14:17:52 | Deep Dive |